Privacy Policy
Privacy Policy
1) INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE DATA CONTROLLER
1.1 We’re pleased that you’re visiting our website and thank you for your interest. In the following, we will inform you about how your personal data is handled when using our website. Personal data refers to any information with which you can be personally identified.
1.2 The party responsible for data processing on this website, in accordance with the General Data Protection Regulation (GDPR), is Ilka Matthiessen, Erbsuende, Karlsbader Str. 8, 80937 Munich, Germany, Tel.: 0049 – (0)89 600 37 850, Email: info@erbsuende.com. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” string and the lock symbol in your browser’s address bar.
2) Data Collection When Visiting Our Website
When merely browsing our website for information, meaning you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website you visited
- Date and time at the moment of access
- Amount of data sent in bytes
- Source or referral from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable, in anonymized form)
The processing is carried out in accordance with Art. 6, Para. 1 f GDPR based on our legitimate interest in improving the stability and functionality of our website The data is not passed on or used in any other way. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.
3) Cookies
To make the visit to our website attractive and to enable the use of certain features, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device for a longer period, allowing the storage of page settings (so-called “persistent cookies”). In the latter case, you can find information on the storage duration in the overview of cookie settings in your web browser.
If any of the cookies we use also process personal data, the processing is carried out in accordance with Art. 6, Para. 1 b of the GDPR, either for the execution of the contract, in accordance with Art. 6 Para.1 of the GDPR in cases where consent has been given, or in accordance with Art. 6 Para. 1 f GDPR to save our legitimate interests in optimizing the functionality of the website as well as ensuring a user-friendly and effective design of the site visit, also in accordance with Art. 6, Para. 1 of the GDPR.
You can configure your browser to inform you about the setting of cookies and decide individually about their acceptance, or you can exclude the acceptance of cookies for specific cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
4) Contacting Us
When you contact us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary for that purpose. The legal basis for the processing of this data is our legitimate interest in responding to your inquiry in accordance with Art. 6, Para. 1 f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6, Para. 1 b GDPR Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that there are no legal retention obligations.
5) Data Processing When Opening a Customer Account
In accordance with Art. 6 Para. 1 b b GDPR, personal data will continue to be collected and processed to the extent necessary when you provide this information to us while opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be accomplished by sending a message to the aforementioned address of the responsible party. After deletion of your customer account, your data will be erased, provided that all contracts concluded through it have been fully executed, no legal retention periods apply, and we no longer have a legitimate interest in further storage.
6) Comment Function
As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you have chosen will be stored and published on this website. Furthermore, your IP address will be stored for security reasons in order to enable attribution to the author in case of unlawful comments. Your email address will be stored for contacting you in case a third party objects to your published content as unlawful.
7) Use of Customer Data for Direct Advertising
Signing Up for Our Email Newsletter
When you sign up for our email newsletter, we will regularly send you information about our offers. The mandatory information required for sending the newsletter is solely your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive the newsletter if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address you provided.
By activating the confirmation link, you provide us with your consent to use your personal data in accordance with Art. 6 Para. 1 a GDPR In this process, we store the IP address entered by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any possible misuse of your email address at a later time. The data collected from you during the newsletter signup process is strictly used for its intended purpose. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be promptly deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond that, which is legally permitted and about which we inform you in this statement.
8) Data Processing for Order Processing
8.1 As far as necessary for the fulfillment and processing of the contract, the personal data collected by us will be processed in accordance with Art. 6 Abs. 1 b GDPR on to the commissioned transportation company and the commissioned financial institution for the purpose of delivery and payment processing.
If, based on a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided during the order (name, address, email address) in order to fulfill our legal obligation to inform you in accordance with Art. 6 Para. 1 c GDPR through an appropriate means of communication (such as postal mail or email) about upcoming updates within the legally prescribed period. Your contact details will be strictly used for the purpose of communicating updates owed by us and will only be processed by us to the extent necessary for providing the respective information.
To process your order, we also cooperate with the following service provider(s), who fully or partially support us in executing concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
8.2 Use of Payment Service Providers
– Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, “purchase on account” or “installment payment” via PayPal, we will forward your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. The disclosure is carried out in accordance with Art. 6 Para. 1 b GDPR and only to the extent necessary for payment processing.
For payment methods such as credit card via PayPal, direct debit via PayPal, or, if offered, “purchase on account” or “installment payment” via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be processed in accordance with Art. 6 Para. 1 f the GDPR, based on PayPal’s legitimate interest in determining your creditworthiness, your payment data may be passed on to credit agencies. PayPal uses the result of the credit check in relation to the statistical probability of payment default for the purpose of deciding on the provision of the respective payment method. The credit check may include probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical method. The calculation of score values includes, among other things but not exclusively, address data. For further data protection information, including details about the credit agencies used, please refer to PayPal’s privacy policy:https://www.paypal.com
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if it is necessary for the contractual payment processing.
9) Online-Marketing
Use of affiliate programs
– Own affiliate program
In connection with the product presentations on our website, we operate our own affiliate program through which we provide interested third-party website operators with partner links to be placed on their websites, leading to our offers. Cookies are used for the affiliate program, which are generally set on the partner site after clicking on a corresponding partner link, and we are not responsible for the data protection aspects in this regard. Cookies are small text files that are stored on your device in order to track the origin of transactions (such as “sales leads”) that were generated through such links. In this process, we can, among other things, recognize that you have clicked on the partner link and were redirected to our website. This information is needed for the payment processing between us and the affiliate partners. If the information also includes personal data, the processing described is based on our legitimate financial interest in processing commission payments according to Art. 6 para. 1 lit. f DSGVO.
If you wish to block the evaluation of user behavior via cookies, you can adjust your browser settings to be notified when cookies are being set and decide whether to accept them individually, or you can exclude the acceptance of cookies for specific cases or in general.
10) Web Analytics Services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses “cookies,” which are text files stored on your device that allow an analysis of your usage of the website. The information generated by the cookie about your use of this website (including your shortened IP address) is usually transmitted to and stored on a Google server. This may also involve the transmission to servers of Google LLC. in the USA.
This website uses Google (Universal) Analytics exclusively with the extension “_anonymizeIp()”, which ensures the anonymization of IP addresses by shortening them and excludes direct personal references. The extension ensures that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide us with further services related to website usage and internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data.
Google Analytics also allows the creation of statistics through a special feature known as “demographic characteristics,” which provide insights into the age, gender, and interests of page visitors based on an analysis of interest-based advertising and third-party information. This allows the definition and differentiation of user groups on the website for the purpose of targeted optimization of marketing activities. However, the data collected through “demographic characteristics” cannot be attributed to any specific individual.
Details about the processes initiated by Google Analytics and Google’s handling of website data can be found here: https://policies.google.com
All the aforementioned processes, especially the setting of Google Analytics cookies for extracting information from the used device, are carried out only if you have given us your consent in accordance with Art. 6 Para. 1 a GDPR provided your explicit consent for this. Without providing this consent, the use of Google Analytics during your visit to the website will not occur.
You can revoke your given consent at any time with effect for the future. To exercise your revocation, please disable this service using the “Cookie Consent Tool” provided on the website. We have entered into a data processing agreement with Google for the use of Google Analytics, in which Google is obligated to protect the data of our website visitors and not to disclose it to third parties.
For the transfer of data from the EU to the USA, Google relies on the so-called Standard Contractual Clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information about Google (Universal) Analytics can be found here: https://policies.google.com
11) Page Functionality
11.1 Trusted Shops Trustbadge
To display our Trusted Shops quality seal and to offer the Trusted Shops membership for buyers after an order, this website includes the Trusted Shops Trustbadge.
This serves to protect our predominantly legitimate interests in optimal marketing of our offerings as part of a balance of interests, Art. 6 Para. 1 f GDPR The Trustbadge and the services advertised with it are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
When the Trustbadge is called up, the web server automatically stores a so-called server log file, which includes your IP address, date and time of access, amount of data transmitted, and the requesting provider (access data), and documents the access. These access data are not evaluated and are automatically overwritten no later than seven days after the end of your visit to the website.
Additional personal data is only transferred to Trusted Shops if you choose to use Trusted Shops products after completing an order or if you have already registered for their use. In this case, the contractual agreement between you and Trusted Shops applies.
11.2 – Google Web Fonts
This page uses web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) for the consistent display of fonts. When you visit a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly.
For this purpose, the browser you are using must establish a connection to Google’s servers. In the process, there may also be a transmission of personal data to the servers of Google LLC. in the USA. This way, Google becomes aware that our website has been accessed through your IP address. The processing of personal data in connection with the connection to the font provider is only carried out if you have given us your consent according to Art. 6 Para. 1 a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service using the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a default font will be used from your computer.
Further information about Google Web Fonts can be found at https://developers.google.com
12) Tools and Miscellaneous
Cookie-Consent-Tool
This website uses a “Cookie Consent Tool” to obtain effective user consents for consent-required cookies and cookie-based applications. The “Cookie Consent Tool” is displayed to users when they visit the page in the form of an interactive user interface, where users can provide consent for specific cookies and/or cookie-based applications by checking the corresponding boxes. Through the use of the tool, all consent-required cookies/services are only loaded when the respective user gives their consent by checking the appropriate boxes. This ensures that such cookies are only set on the user’s device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.
In individual cases, if personal data (such as IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Article 6 Para 1 f of the GDPR based on our legitimate interest in ensuring a legally compliant, user-specific, and user-friendly consent management for cookies, as well as a legally compliant design of our website, this processing is carried out.
This processing is also based on Art. 6 Para.. 1 c GDPR. As data controllers, we are obligated by legal requirements to make the use of technically unnecessary cookies dependent on the user’s consent.
Further information about the operator and the settings of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
13) Rights of the Data Subject
13.1 The applicable data protection law grants you certain rights as a data subject in relation to the processing of your personal data by the data controller. These rights are as follows, with reference to the legal basis for their exercise:
- Right to Information (Art. 15 GDPR): You have the right to obtain information about the processing of your personal data and related details.
- Right to rectification according to Art. 16 DSGVO;
- Right to erasure (Right to be forgotten) according to Art. 17 DSGVO;
- Right to restriction of processing according to Art. 18 DSGVO;
- Right to information according to Art. 19 DSGVO;
- Right to data portability according to Art. 20 DSGVO;
- Right to withdraw consent according to Art. 7 Abs. 3 GDPR;
- Right to lodge a complaint according to Art. 77 GDPR
13.2 Right to Object
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS IN THE COURSE OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING IS STILL PERMISSIBLE IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT ADVERTISING PURPOSES.
14) Duration of Personal Data Storage:
The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing, and, if applicable, additional legal retention periods (such as commercial and tax retention periods).
When processing personal data based on explicit consent according to Art. 6 1 lit. a DSGVO the data will be stored as long as the data subject does not revoke their consent.
If there are statutory retention periods for data processed within the scope of legal or legal-like obligations based on Article 6 1 lit. b DSGVO, after the expiration of these retention periods, the data will be routinely deleted if they are no longer necessary for the fulfillment of the contract or for initiating a contract and/or if we do not have a legitimate interest in continuing to store them.
When processing personal data based on explicit consent according to Art. 6 1 lit. f DSGVO these data will be stored until the data subject exercises their right to object pursuant to Art. 21 Abs. 1 DSGVO unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.
When processing personal data for the purpose of direct marketing based on Article 6 1 lit. f DSGVO these data will be stored until the data subject exercises their right to object pursuant to Art. 21 Abs. Art. 21 Abs. 2 DSGVO
Unless otherwise specified in the other information provided in this statement regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.